add feature to disable dns zone creation for private endpoints #1739

Open
jrudley opened this issue Mar 1, 2024 · 5 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@jrudley

jrudley commented Mar 1, 2024

Is your feature request related to a problem?/Why is this needed
When using an enterprise-scale approach with Azure Policy and Private Endpoints, the DNS zones are in the hub network. The file CSI driver will try to create the private DNS zones if privateEndpoint is configured. Azure Policy handles DNS registration of private endpoints in the hub. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale.

Describe the solution you'd like in detail
Have a feature in parameters to disable creating private endpoint DNS zones.

Describe alternatives you've considered
To work around this, I must manually create the storage account, specify the name in my StorageClass and go that route instead of having the driver do everything for me within AKS.

@andyzhangx
Member

@jrudley This driver would create a DNS zone and then create a DNS zone group linked to the private endpoint? So if the DNS zone is not created, how does this private endpoint link to the DNS zone? Do you want to bring your own DNS zone and DNS zone group?

@jrudley
Author

jrudley commented Mar 2, 2024 via email

@andyzhangx andyzhangx added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 14, 2024
@andyzhangx
Member

@jrudley The following are the current steps to create the private endpoint and DNS zone. The private endpoint should still be created by the driver, so how would you link the DNS zone group to the private endpoint name? If you bring your own DNS zone group, the private endpoint is actually not created at that time.

azure_storageaccount.go:614] Creating private dns zone(privatelink.file.core.windows.net) in resourceGroup (capz-ugkm2a)
azure_storageaccount.go:636] Creating virtual link for vnet(capz-ugkm2a-vnet-vnetlink) and DNS Zone(privatelink.file.core.windows.net) in resourceGroup(capz-ugkm2a)
azure_storageaccount.go:576] Creating private endpoint(ff0f9ebcac377493ab9fab3-pvtendpoint) for account (ff0f9ebcac377493ab9fab3)
azure_storageaccount.go:658] Creating private DNS zone group(ff0f9ebcac377493ab9fab3-dnszonegroup) with privateEndpoint(ff0f9ebcac377493ab9fab3-pvtendpoint), vNetName(capz-ugkm2a-vnet), resourceGroup(capz-ugkm2a)

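As an added worked example (not code from the azurefile-csi-driver project or from anyone in this thread): a shell script for the bring-your-own-zone path that jrudley's workaround and the four driver log lines above describe. Of the driver's four steps it performs only the private endpoint and the DNS zone group; the privatelink.file.core.windows.net zone and its vnet link are assumed to already exist in the hub, owned by the platform team or created by Azure Policy. It also includes the check you want afterwards: from inside the vnet, the account's public FQDN must resolve to an RFC 1918 address, otherwise the zone group or the vnet link is missing. All names (subscription id, resource groups, vnet and subnet, account name) are placeholders; DRY_RUN=1 (the default) prints the az commands instead of executing them, and the az flags used are assumed to be those of a current Azure CLI release.

```shell
#!/usr/bin/env bash
# Added example, not code from the azurefile-csi-driver project or from the issue's
# participants. Pre-creates the storage account and its private endpoint, attaches a
# DNS zone group that points at the EXISTING hub zone, and hands the account to the
# driver through a StorageClass. No private DNS zone and no vnet link are created.
# Every name below is a placeholder (assumption), not a value from the issue.
set -eu

SUB="${SUB:-00000000-0000-0000-0000-000000000000}"   # subscription id (assumed)
HUB_RG="${HUB_RG:-hub-rg}"                           # resource group holding the hub zone (assumed)
HUB_ZONE="privatelink.file.core.windows.net"         # private link zone for Azure Files, public cloud
SPOKE_RG="${SPOKE_RG:-aks-spoke-rg}"                 # account and private endpoint go here (assumed)
VNET="${VNET:-spoke-vnet}"; SUBNET="${SUBNET:-pe-subnet}"
ACCOUNT="${ACCOUNT:-stbyodnsexample01}"              # 3-24 lowercase alphanumerics (assumed)
LOCATION="${LOCATION:-eastus}"
DRY_RUN="${DRY_RUN:-1}"                              # 1 = print the az commands instead of running them

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s ' "$@"; echo; else "$@"; fi; }

# ARM resource ids are built from their well-known format instead of looked up with
# "az ... show", so the script also works offline.
private_dns_zone_id() { # <subscription> <resource-group> <zone-name>
  echo "/subscriptions/$1/resourceGroups/$2/providers/Microsoft.Network/privateDnsZones/$3"
}
storage_account_id() {  # <subscription> <resource-group> <account>
  echo "/subscriptions/$1/resourceGroups/$2/providers/Microsoft.Storage/storageAccounts/$3"
}

# Step 1: account with public network access disabled, reachable only via the private endpoint.
create_account() {
  run az storage account create --name "$ACCOUNT" --resource-group "$SPOKE_RG" \
    --location "$LOCATION" --kind FileStorage --sku Premium_LRS \
    --https-only true --min-tls-version TLS1_2 --public-network-access Disabled
}

# Step 2: private endpoint for the "file" sub-resource in the spoke subnet.
create_private_endpoint() {
  run az network private-endpoint create --name "$ACCOUNT-pe" --resource-group "$SPOKE_RG" \
    --vnet-name "$VNET" --subnet "$SUBNET" --group-id file \
    --private-connection-resource-id "$(storage_account_id "$SUB" "$SPOKE_RG" "$ACCOUNT")" \
    --connection-name "$ACCOUNT-conn"
}

# Step 3: DNS zone group that writes the endpoint's A record into the hub zone.
# Skip this call if a deployIfNotExists policy in your tenant already attaches one.
attach_hub_dns_zone_group() {
  run az network private-endpoint dns-zone-group create --resource-group "$SPOKE_RG" \
    --endpoint-name "$ACCOUNT-pe" --name "$ACCOUNT-dnszonegroup" \
    --private-dns-zone "$(private_dns_zone_id "$SUB" "$HUB_RG" "$HUB_ZONE")" --zone-name file
}

# Step 4: StorageClass naming the pre-created account, so the driver only creates shares.
storageclass_yaml() { # <account> <resource-group>
  cat <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azurefile-premium-byo-dns
provisioner: file.csi.azure.com
parameters:
  skuName: Premium_LRS
  storageAccount: $1
  resourceGroup: $2
reclaimPolicy: Delete
volumeBindingMode: Immediate
EOF
}

# Check: RFC 1918 test on a dotted quad; returns 0 when the address is private.
is_private_ipv4() {
  o1=${1%%.*}; rest=${1#*.}; o2=${rest%%.*}
  if [ "$o1" = 10 ]; then return 0; fi
  if [ "$o1" = 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then return 0; fi
  if [ "$o1" = 192 ] && [ "$o2" = 168 ]; then return 0; fi
  return 1
}
# From inside the vnet the public FQDN must answer with the endpoint's private address.
check_resolution() { # <account>; needs a resolver that can see the hub zone
  fqdn="$1.file.core.windows.net"
  ip=$(getent ahostsv4 "$fqdn" | awk '{print $1; exit}')
  [ -n "$ip" ] || { echo "no answer for $fqdn" >&2; return 1; }
  if is_private_ipv4 "$ip"; then echo "$fqdn -> $ip (private endpoint)"; return 0; fi
  echo "$fqdn -> $ip is PUBLIC: zone group or vnet link missing" >&2; return 1
}

create_account
create_private_endpoint
attach_hub_dns_zone_group
storageclass_yaml "$ACCOUNT" "$SPOKE_RG"
[ "$DRY_RUN" = 1 ] || check_resolution "$ACCOUNT"
```

Run it with DRY_RUN=0 from a logged-in az session to apply the changes, and pipe the printed StorageClass into kubectl apply -f -. If a deployIfNotExists policy already attaches the zone group in your tenant, drop the attach_hub_dns_zone_group call rather than creating a second group on the same endpoint. The resolution check should be run from a node or pod in the vnet; a public answer means traffic would bypass the private endpoint (and be refused, since public network access is disabled).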
@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 12, 2024
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 12, 2024
Development

No branches or pull requests

4 participants